Internet protocols govern communications between a host computing device and a client computing device. For example, in an Internet Protocol Security (IPsec) based virtual private network (VPN), packets relating to the exchange of keys used for encrypting and authenticating data, as well as packets relating to the exchange of the data itself, are typically communicated between the host and client computing devices.
There exist implementations of IPsec based VPNs which rely on Extended Authentication (XAUTH), a feature of the Internet Key Exchange (IKE) protocol, to negotiate authentication of a user of the client computing device requesting access to the host computing device, or more generally to a host network. XAUTH provides a mechanism for transporting challenges and responses, typically on behalf of an authentication server coupled to the host computing device or network. There exist different types of authentication servers, many of which require the user requesting access to supply some amount of information in order to verify his identity.
For example, SecurID® is a mechanism developed by RSA Security Inc. for authenticating a user to a network resource. The SecurID authentication mechanism consists of a token, which in one known implementation is a piece of portable hardware assigned to a user that generates an authentication code every sixty seconds using a built-in clock and a serial number encoded in a read-only memory. In order to authenticate the user, the user enters the generated authentication code, typically along with some other authentication data supposedly known only to the user. For example, the user will typically need the generated authentication code, the user's password for VPN access, and knowledge of how to combine these two pieces of information in order to gain VPN access.
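The following added example (not part of the original text, and not RSA's proprietary SecurID algorithm) sketches the authentication-server side of such a scheme, using the public RFC 4226/6238 HMAC construction as a stand-in. The per-token `seed`, the six-digit code length, the "password followed by code" combination, the clock-drift window and the replay guard are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 60    # seconds per code, from the text's "every sixty seconds"
DIGITS = 6   # assumed code length

def tokencode(seed: bytes, now: float) -> str:
    """Code for the 60-second interval containing `now` (RFC 4226 truncation)."""
    counter = int(now) // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _hash(password: str, salt: bytes) -> bytes:
    # The server keeps only a salted, stretched hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Verifier:
    """Authentication-server side: checks passcode = password + tokencode."""

    def __init__(self, seed: bytes, password: str, drift_steps: int = 1):
        self.seed = seed
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.drift_steps = drift_steps   # intervals of clock skew tolerated
        self.last_counter = -1           # newest interval already accepted

    def verify(self, passcode: str, now: float) -> bool:
        if len(passcode) <= DIGITS:
            return False
        password, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pw_ok = hmac.compare_digest(_hash(password, self.salt), self.pw_hash)
        current = int(now) // STEP
        matched = None
        for c in range(current - self.drift_steps, current + self.drift_steps + 1):
            # A code from an interval at or before the last accepted one is a replay.
            if c <= self.last_counter:
                continue
            expected = tokencode(self.seed, c * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = c
        if not (pw_ok and matched is not None):
            return False
        self.last_counter = matched      # burn this interval and all earlier ones
        return True
```

The drift window trades usability for exposure: each extra tolerated interval lengthens the time a captured code stays valid, which is why the verifier also refuses any interval it has already accepted.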
Negotiating user authentication can be particularly inconvenient and cumbersome for mobile device users, especially where a user is required to carry around both his mobile device and the token, and to manually enter the authentication code and/or other authentication data for every negotiation. Furthermore, the smaller the mobile device, the more difficult it typically is to enter such information into the mobile device when prompted.